Norton AntiBot beta: virus sample test

2007-07-11 19:37:00 / Personal category: AnTiVirus

First, I have to make one thing clear: I haven't used many HIPS products. The ones I've used for a longer time are roughly GSS, SSM, Cyberhawk, SNS and KAV; others such as EQ and Prevx I only started looking into recently. So my experience in this area is limited and I can't evaluate HIPS software very objectively.
Please keep this in mind!


Below are the virus samples used in this test.
The samples are all Panda Burning Incense (熊貓燒香) and Viking (威金); the test method was to execute all of the samples within a few seconds.
This is the same method I used in my previous test of Norton 2007.

A few seconds after the samples were executed, this screen appeared; I chose Quarantine.


After quarantining, a "Processing, please wait" screen appeared; this step took quite a long time.


The problem is that a reboot is required.


A small mishap during testing...
Because I keep my samples in a compressed archive, after extracting them directly, WinRAR was judged to be a malicious program and was sent to quarantine along with the samples.



Conclusion:
After using Norton AntiBot for a short time, I think it's quite good. What surprised me while running the samples was
that the infected files were actually all disinfected! It's possible that the samples cleaned themselves while they ran, and only their later behaviour was interrupted by Norton AntiBot.

Apart from these samples (the ones under test), the virus samples in other folders were apparently also dealt with?!
I'm not sure whether Norton AntiBot comes with a virus-scanning engine, or whether it made that decision through behaviour analysis.

Norton AntiBot kept the computer secure: none of the executed samples slipped through, which is to say it wasn't compromised within a few minutes the way NAV 2007 was.
However, two false-positive incidents occurred during this short trial. One came with a prompt, namely winrar.exe;
the other seemed to be handled automatically, with no prompt at all, and I couldn't find the remains in the quarantine area either.
Maybe it has something to do with my pressing "Delete" while testing the samples....

Other intelligent HIPS products such as Cyberhawk and SNS don't behave this way.
Personally, I give Norton AntiBot a positive rating, because it's simple and easy to use
and the protection is also very strong!


Finally, a screenshot of resource usage while idle.

NortonAntiBot.rar
(2007-07-11 19:34:49, Size: 103 kB, Downloads: 0)


TAG: AnTiVirus

天氣預報 posted on 2007-09-19 15:03:22
Signatures version 135 is out~~
mizuhara posted on 2007-08-25 02:22:10

QUOTE:

Originally posted by 天氣預報 on 2007-8-23 16:09


I ticked all five boxes except the second one,
so I don't have to bother with it.

I didn't turn on the automatic quarantine feature;
I'm afraid it would kill some of the software I use every day = =
I noticed it flags things like peercast.
天氣預報 posted on 2007-08-23 16:09:07

QUOTE:

Originally posted by mizuhara on 2007-8-23 00:45


It's fairly good to use,


it's just that I never feel it running.

I ticked all five boxes except the second one,
so I don't have to bother with it.
mizuhara posted on 2007-08-23 00:45:03

QUOTE:

Originally posted by 天氣預報 on 2007-8-21 20:48
Signatures version 132 is out

It's fairly good to use,


it's just that I never feel it running.
天氣預報 posted on 2007-08-21 20:48:21
Signatures version 132 is out
mizuhara posted on 2007-08-14 04:30:28

QUOTE:

Originally posted by ㄚ一 on 2007-7-25 18:36
By a stroke of luck...
I found a sample that gets past NAB.
After the sample runs, the *.exe applications on the system are rapidly infected,
and NAB doesn't block it in any way...

I'll post a more detailed write-up a bit later; for now let me take a shower and have dinner.

Posted in the wrong place....sorry

[ This post was last edited by mizuhara on 2007-8-14 04:40 ]
ㄚ一 posted on 2007-08-14 01:48:22

QUOTE:

Originally posted by mizuhara on 2007-8-14 01:47
I use this alongside nod32.
Do you all think that's overkill?

No, it can make up for NOD32's shortcomings.
mizuhara posted on 2007-08-14 01:47:35
I use this alongside nod32.
Do you all think that's overkill?
天氣預報 posted on 2007-08-05 14:16:57
Signatures version 130 is out
tingin posted on 2007-07-29 22:27:25
This NAB doesn't seem to have a whitelist. It does have an "allowed" list, but some things that have clearly been allowed get flagged again after a reboot.
It doesn't affect usage, but this behaviour is as annoying as a child who won't listen.
天氣預報 posted on 2007-07-26 01:30:51
That's fine.
Not integrating it means it can be paired with another vendor's antivirus instead.
Bug posted on 2007-07-26 01:27:21
Symantec Launches Norton AntiBot as Public Beta
06.07.07

By Neil J. Rubenking
Symantec today announced the release of the new Norton AntiBot product to public beta testing. Based on technology licensed from Sana Security, NAB is designed to detect bots and other malware strictly based on behavior, without requiring predefined signatures. The product is designed as a standalone security utility, compatible with Symantec's security solutions as well as with solutions from other vendors.

In PC Magazine's testing, Sana's Primary Response SafeConnect was very effective at keeping malicious software from installing on a clean system. Not only did its behavior monitoring detect and prevent malicious behavior, it also identified and removed ancillary files and Registry entries related to the malware it detected. Although it isn't designed as a tool to clean up existing malware infestations, in testing it was surprisingly successful. PRSC is PC Magazine's current Editors' Choice for non-signature anti-malware.

Tom Powledge, Symantec's senior director of consumer product management, clarified the distinction between this technology and Symantec's existing SONAR (Symantec Online Network for Advanced Response). SONAR is built into Norton AntiVirus, Norton Internet Security, and Norton 360.

Both technologies use behavioral analysis to detect malicious software without relying on signatures. But where SONAR comes into play only during system scans, Norton AntiBot is constantly active, monitoring all running processes. Symantec's existing experience and malware data will help NAB further reduce the already tiny proportion of false positives (legitimate programs flagged as malware).

While the product should be effective against any kind of malware, Symantec has specifically positioned it as a tool against bots. Powledge noted that bots are a serious and growing problem. The recently arrested "spam king" Robert Soloway used an extensive bot network to flood the Internet with spam. And the Storm Worm that made headlines earlier this year used bot-style techniques, downloading new, modified versions of itself to stay ahead of signature-based solutions.

Ed Kim, director of product management, praised the innovative technology from Sana. He said that Symantec intends to bring its implementation of this technology to market as soon as possible. While there's no specific date planned for the finished product's release and pricing has not yet been determined, it should appear sometime during the third quarter. There are no plans at present to merge Norton AntiBot with NAV, NIS, or N360; it will remain a standalone product for the foreseeable future.

So the official word all along was that it wouldn't be integrated...
ㄚ一 posted on 2007-07-25 18:36:44
By a stroke of luck...
I found a sample that gets past NAB.
After the sample runs, the *.exe applications on the system are rapidly infected,
and NAB doesn't block it in any way...

I'll post a more detailed write-up a bit later; for now let me take a shower and have dinner.
天氣預報 posted on 2007-07-25 16:59:25

QUOTE:

Originally posted by Bug on 2007-7-25 15:07
I noticed that the CONFIGURATION does get updated:
from 125 right after installation --> 127 yesterday --> 129 today.
But there doesn't seem to be an automatic update feature = =

Last time I didn't pay attention for a few days and it jumped to 127.
天氣預報 posted on 2007-07-25 16:19:08

QUOTE:

Originally posted by ㄚ一 on 2007-7-25 14:24
Is this price for a time-limited licence?
US$14.99 is so cheap, it makes me want to buy it.

One year, I think.
It still works even without updates,
but updating gives you more assurance.
Bug posted on 2007-07-25 15:07:38
I noticed that the CONFIGURATION does get updated:
from 125 right after installation --> 127 yesterday --> 129 today.
But there doesn't seem to be an automatic update feature = =

Bug posted on 2007-07-25 14:31:37
Reply to post #68 by ㄚ一
http://shop.symantecstore.com/DR ... ;productID=74708000

One year...
ㄚ一 posted on 2007-07-25 14:24:26
Is this price for a time-limited licence?
US$14.99 is so cheap, it makes me want to buy it.
天氣預報 posted on 2007-07-25 10:29:55
After I finished testing, they sent me an email:
Dear Norton AntiBot Beta Tester:

Thank you for being a beta tester for new Norton AntiBot. To show our appreciation, we would like to offer you 50%* off this unique layer of protection!

MSRP: $29.99
Your Price: $14.99*

To take advantage of this exclusive offer now, please click here.

Thanks again for participating in the Norton AntiBot beta program. We look forward to continuing to provide you with the protection of Norton AntiBot.

Sincerely,


The Norton AntiBot Team

Beta testers get 50% off.
acer1832a posted on 2007-07-24 08:50:18
I installed it yesterday to try it out too~
It looks like this software still has a few small issues at the moment.

[ This post was last edited by acer1832a on 2007-7-24 08:52 ]